Tlon / Urbit Skill

Tlon/Urbit skill for OpenClaw agents. Interact with the Urbit network.

The Tlon Skill is the most downloaded community plugin in the entire OpenClaw ecosystem, with nearly 194,000 weekly downloads — a testament to the growing intersection of decentralized computing and AI agents. Built by Tlon Corporation (the company behind Urbit's flagship messenger), this skill gives OpenClaw agents full access to the Tlon Messenger platform running on Urbit, the peer-to-peer computing network where every user owns their own server ('ship'). The skill provides a comprehensive CLI and programmatic interface covering nearly every action an everyday Tlon Messenger user can perform: listing groups and channels, reading and sending DMs, reacting to posts, managing contacts and profiles, creating groups, posting to notebook/diary channels, monitoring activity feeds (mentions, replies, unreads), and managing channel hooks. Authentication supports multiple methods — cookie-based auth for speed, code-based auth for simplicity, or automatic credential loading from OpenClaw's Tlon channel configuration. What makes this integration architecturally unique is Urbit's identity model. Every Urbit identity (like ~sampel-palnet) can spawn lightweight 'moons' — sub-identities perfect for running bots. This means your OpenClaw agent gets its own sovereign identity on the network, not a platform-granted bot token that can be revoked. The skill caches authentication cookies locally at ~/.tlon/cache/ for seamless reconnection, and supports multi-ship operation for managing multiple Urbit identities from a single OpenClaw instance. The skill is distributed both as an npm package and as pre-built binaries for macOS (ARM64/x64) and Linux (x64), making it accessible even without a Node.js installation. It pairs with the separate @openclaw/tlon channel plugin (which handles real-time message receiving) and the @tloncorp/tlonbot package for hosted/K8s deployments with additional features like workspace files and settings-store integration. Ideal for anyone invested in the Urbit ecosystem who wants AI-powered automation of their Tlon communications.

Tags: p2p, urbit, tool

Use Cases

  • AI-powered bot on the Urbit network responding to DMs and group messages
  • Automated community management for Tlon Messenger groups
  • Cross-platform AI assistant bridging Urbit with Telegram/WhatsApp via OpenClaw
  • Decentralized notification system — AI monitors Urbit activity and alerts on other channels
  • Content automation for Tlon notebook/diary channels
  • Privacy-first AI assistant on a sovereign, peer-to-peer messaging network

Tips

  • Use cookie-based auth for faster connections — it skips the login request entirely
  • Spawn a moon (~your-ship/moon-name) as a dedicated bot identity instead of using your main ship
  • Pair this skill with the @openclaw/tlon channel plugin for full bidirectional messaging
  • Use the pre-built binary downloads if you want to avoid Node.js dependency entirely
  • Set up credential caching on first use — subsequent commands need zero flags
  • Check activity mentions with --limit to monitor conversations without polling entire channels
  • For hosted environments, use @tloncorp/tlonbot which adds workspace files and settings-store features

Known Issues & Gotchas

  • The skill and the channel plugin are separate packages — @tloncorp/tlon-skill for sending/interacting, @openclaw/tlon for receiving messages
  • Cookie-based auth embeds the ship name in the cookie (urbauth-~ship=...) — don't mix cookies between ships
  • An SSRF vulnerability was disclosed in the Tlon extension auth — always validate ship URLs and keep OpenClaw updated
  • Pre-built binaries are versioned at 0.1.0 — the npm package may be newer (0.3.0)
  • If you have multiple cached ships, specify --ship explicitly or the skill picks the first cached one
  • The skill caches credentials at ~/.tlon/cache/ — clear with rm ~/.tlon/cache/*.json if auth breaks
  • Urbit ship names use the ~ prefix — don't forget it in configuration

Alternatives

  • Telegram Channel
  • Matrix Channel
  • Signal (via plugin)

Community Feedback

It is now possible to run a full Tlon Messenger bot on your own computer alongside OpenClaw. On Urbit, every identity can spawn lightweight sub-identities perfect for running bots.

— Twitter (@tloncorporation)

OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication — ensure your ship URL is trusted and not user-controlled.

— GitLab Advisory

Tlon: decentralized messaging on Urbit; install the plugin to enable. The OpenClaw ecosystem supports platforms most people haven't even heard of.

— r0k's Blog

Our messaging app is completely open-source, decentralized, and truly peer-to-peer. You can audit what it's doing, and it's on par with the tools we're familiar with.

— Tlon.io

Frequently Asked Questions

What is Urbit and why does Tlon use it?

Urbit is a peer-to-peer computing network where every user runs their own server ('ship'). Tlon is a messenger built on Urbit, meaning your messages and data live on your own ship — not on a company's servers. This gives true data ownership and censorship resistance.

Why does this plugin have nearly 200K weekly downloads?

The high download count reflects both the Tlon/Urbit community's enthusiasm for AI integration and the skill's distribution as platform-specific binary packages (darwin-arm64, darwin-x64, linux-x64) which each count separately. It's genuinely the most popular community plugin by download volume.

Do I need to run my own Urbit ship?

Yes. You need either a self-hosted Urbit ship or one hosted through tlon.network (Tlon's hosting service). The skill connects to your ship's API — there's no way to use Tlon without an Urbit identity.

What's the difference between tlon-skill and the Tlon channel plugin?

The skill (@tloncorp/tlon-skill) is for sending messages and performing actions on Tlon. The channel plugin (@openclaw/tlon) handles receiving incoming messages and routing them to OpenClaw. You typically want both for full bidirectional communication.

Is there a security concern with the Tlon extension?

A Server-Side Request Forgery (SSRF) vulnerability was disclosed in the optional Tlon extension authentication. Keep OpenClaw updated and ensure your ship URL configuration is trusted — don't allow user-controlled ship URLs in multi-user setups.

Can I run a bot with its own Urbit identity?

Yes — and that's the recommended approach. Urbit lets any ship spawn 'moons' (lightweight sub-identities) that are perfect for bots. Your bot gets its own sovereign identity on the network rather than a platform-granted token.

Configuration Examples

Cookie-based authentication

# CLI usage:
tlon --url https://your-ship.tlon.network --cookie "urbauth-~your-ship=0v..." contacts self

# Config file (~/.tlon/config.json):
{"url": "https://your-ship.tlon.network", "cookie": "urbauth-~your-ship=0v..."}

Code-based authentication with caching

# First time — authenticate and cache:
tlon --url https://zod.tlon.network --ship ~zod --code abcd-efgh contacts self
# Output: Note: Credentials cached for ~zod

# All subsequent commands — no flags needed:
tlon channels groups
tlon messages dm ~sampel-palnet --limit 20
tlon activity mentions --limit 10

OpenClaw integrated configuration

# In openclaw.yaml:
channels:
  tlon:
    enabled: true
    ship: "~your-ship"
    url: "https://your-ship.tlon.network"
    code: "sampel-ticlyt-migfun-falmel"

# Skill auto-detects OpenClaw config — just run:
tlon contacts self

Installation

openclaw plugins install @tloncorp/tlon-skill